OXE Ip Ports

1/38
Sheet:Introduction
Introduction
This document describes the IP flows involved in the OmniPCX Enterprise (OXE) solution for medium and large enterprises. Its aims is to allow a network
administrator to precisely configure its firewall devices to open the minimal amount of ports required to have a working OXE installation in its specific
deployment.
Every ingress and egress IP flows of each device of the OXE solution is described in a separate table. For each flow, source and destination ports are
mentioned along with the category of the flow: whether it is for user (voice) transport, signalling, management or support. This enables network
administrators to for example block at their firewalls all IP flows related to the activity of support, enabling them through on demand of a technician only.
Document organization
A first group of tab explains the notions and notations introduced later in the document. Those tabs are: Glossary, Headres, Services, Planes, Port Ranges.
The second group of tabs list the actual ingress and egress IP flows for the various network elements comprising the OXE solution. The elements are
grouped together into a reduced number of tabs: CS for the Call Server, MG for all types of media gateways, UA phones for all kinds of UA phone whether
hard phones (IP Phone and IP touch) or soft, OTUC, OTCC.
This document has been updated for OXE R7.1
Differences with the previous edition are marked in column 1
Synthesis of IP flows in OmniPCX Enterprise solution
2/38
Sheet:Glossary
Glossary
Only terms and acronyms used in a way different than standard or specific to the OXE solution are listed here.
Some terms actually represent functions found on one or the other element of the OXE solution. In that case the third column specifies where this
function is located.
Term
Meaning
4760
OmniVista console for the configuration, maintenance, accounting, and handling of
alarms of one or more OXE systems. OmniVista consists of 4760 clients connecting to
a 4760 server. The 4760 server in turn controls the OXE CS.
4059
Operator station on Windows PC
4635
Voice mail on A4400 hardware
4645
Voice mail on Alize hardware
4760i
E-config: light version of OmniVista Application
Alcatel Audio Station: a Windows application to record voice guides for the automated
AAS
attendant or voice mail system later transfered to the PBX.
ACAPI
Alcatel Configuration API: an API offered on Windows systems to enable applications
to remotely configure the OXE.
ACD
Advanced Call Distribution
AHL
Alcatel Hospitality Link to interface OXE with applications specifics to the
Hotel/Hospital business.
ATAPI
Alcatel Telephony API
Audiocode
Analog fax interface over IP, using the H.323 protocol suite.
Configurable value giving the lower bound of the range of port used on the LAN to
BASE_PORT
carry voice conversations. The range width is 256 ports.
Contact Center Distribution: calls distribution to agents or other resources
CCD
CMIP
Common Management Information Protocol
CMIS
Common Management Information System
CS
Communication Server
CSTA
Computer Supported Telephony Applications
Assigns IP addresses on a subnet + gives other subnet configuration information and
DHCP server
TFTP server address
MediaGateway applicative
GA
GD
MediaGateway driver
High Speed Link used between a GD and additionnal Aliz chassis.
HSL
INTerconnecting on IP network: Internode or H323 gateway and IP devices
INTIP-A
INTIP-B
INTerconnecting on IP network :only IP devices
IP link
Alcatel proprietary protocol used to control a Media Gateway. Also called UA when
targeting a phone set (IP phone or IP touch).
Function usually assumed by
Some WindowsPC
BP = 32000 for OXE <= R5.0Lx

BP = 32512 for OXE >= R5.1
The Call Server
3/38
Term
IP phone
IP touch
IPP
LDAP server
LIOE
MAO
MG
MIB browser
Meaning
V1 (4098RE), V1S (4098FRE), V2 (embedded box) models
Also called NOE phone. IP phone sets have references: 4018, 4028, 4038, 4068
Abreviation for IP phone
Any LDAP server containing Phonebook information.
Link Optimizer board Ethernet: Inter-nodal and H.323 gateway
OXE central configuration database.
Media Gateway.
SNMP manager collecting information from the various network elements using the
SNMP protocol to browse the elements' internal databases (MIBs).
MIPT
MOXA box
MSM
Mobile IP Telephony handset

V24 port extension device
Server Security Module used to encrypt/decrypt the voice and fax flows. This module
is used in front of the Call Server (potentialy with embedded 4645).
Network Management Department (for example they produce the 4760).
Abreviation for IP touch & NOE IP.
Also called IPTouch: 4018, 4028, 4038, 4068 models
NTP is a standard (IETF) peer to peer protocol used to maintain a consistent view of
time amongst a set of cooperating systems.
OmniAccess Wireless LAN switch
Open Telephony Server: a server enabling feature-rich communication-oriented
applications to be developped around the OXE solution.
OmniTouch Unified Communication.
The workstations used by the various system administrators to configure, collect
statistics or billling information.
The PC used by the Business Partner technician or a system administrator to pursue
an investigation in the various systems constituting the installation.
Presentation Server. Runs 3d party applications displaying on the various NOE phone
sets.
Remote Authentication Dial-In User Service
NMD
NOE
NOE IP
NTP server
OAW
OTS
OTUC
PC admin
PC support
PRS
RADIUS
rGD
STAP
SSM
SVP
Sheet:Glossary
GD, GA, INT_IP A or B.

Customer's network supervision
application (e.g. HP OpenView, IBM's
Tivoli)
The Call Server
A Windows PC
An administrator PC or workstation
A Windows PC
An authentication server provided by

the customer.
Remote GD over an HSL link (not over IP)

Simple Telephony Application Protocol
Server Security Module used to encrypt/decrypt the voice and fax flows. This module
is used in front of the Call Server (potentialy with embedded 4645).
SVP server
Spectralink Voice Protocol
4/38
Term
Syslog
TFTP server
Trap supervisor
Trusted router
Meaning
A Linux framework enabling application to add entries to an event journal with
indication of the emitting facility indication, severity level, system name, date and time,
and free format text. The framework offers a rich dispatch mechanism, even allowing
records to be offloaded to a remote system.
Download boot image voice guides, phone configuration information, binaries
download (VoIP boards/setc), etc
System receiving the various events sent by all the network elements connected to the
customer's network.
UA phone set
Customer's router from which IP routing information (through RIP protocol) is

received.
Only the IP devices are considered here.
Universal Alcatel: proprietary signaling protocol. Also called IPlink when targeting a
media-gateway.
Any of the hardware or software phone set that supports the UA signaling protocol.
UPS
Uninterruptible Poser Supply
TSCLIOE
UA
Sheet:Glossary
The Call Server
The Call Server

Customer's network supervision
application (e.g. HP OpenView, IBM's
Tivoli)
IP phone, IP touch, Softphone
5/38
Sheet:Headers
Column headers
The meaning of the various column headers used in the product tabs (CS, 4645, UA phones, ...) is given here.
Not all headers are present in every tab.
Header name
Purpose
Plane
Protocol
Initiator
Source port
Responder
Service port
Condition of activation
Admission control
OXE version
OTUC version
Parent process (on CS)

Process image (on CS)
Authentication
Meaning
Function fulfilled by this flow.

Function group to which belongs this flow.
Layer 7 protocol carried by this flow.
System emitting the first packet. This is important for
connection tracking security functions like firewall or
NAT.
Port number or range or port from which this first
packet is emitted, if applicable.
Note that some protocols (e.g. TFTP) switch after
connection to a different port, this is specified in the
corresponding RFP.
The system toward which the packets are sent.
The specific port on the Responding system listening
to the incoming connection requests.
For some specific protocols not used in the LEV
solution this can be a range of port (e.g. Sun RPC).
Certain conditions are sometime required for this flow
to appear on a LAN.
Access to some services are subject to possession of
the proper credential.
Some flow have disappeared (< or <=) during the OXE
or OTUC product lifetime, or some new flows have
been introduced (> or >=) since the given version.
Information useful for R&D
Information useful for R&D
Tells whether some form of authentication is
performed on the requesting end-user and if this
authentication is carried over the wire to the server
(responder).
Example
File transfert for what purpose.

User plane, control plane.
Telnet, HTTP.
CS, OTUC server
427/tcp, Dyn_Voice/udp
NOE, GD
23/tcp, 12345/udp
Licence XX purchased, presence of server YY

IP address, certificate
<R5.1.1, >=R6.2
login/password, cookie
For more
information see
tab
Services
Planes
Services
Port ranges
6/38
Header name
Confidentiality
Integrity
Notes
Meaning
Example
Tells whether confidentiality of the information

Partial or total encryption, challenge/response
crossing the network is preserved.
Tells whether integrity of the information sent over the CRC32, MD5, SHA1
wire is controlled against accidental or malicious
tampering.
Additional information deemed relevant.
Sheet:Headers
For more
information see
tab
7/38
Sheet:Services
Services
Important:
The list below includes all IP services known to be used by Alcatel past and future products.
In no way this list implies that those ports shall be opened for the CSBU solution to deliver its expected service.
Name
Port
Standard
N/A
RFC 777
FTP data
20/tcp
RFC 959
FTP control
SSH
21/tcp
22/tcp
RFC 959
pending RFC
(WG=secsh)
telnet
23/tcp
RFC 854
SMTP
Domain Name Server (DNS)
Bootps/DHCP Client
25/tcp
53/udp
67/udp
RFC 2821
RFC 1034
RFC 2131
Bootpc/DHCP Server
TFTP
68/udp
69/udp
RFC 2131
RFC 1350
HTTP
80/tcp
ICMP
NTP
IMAP
SNMP trap
123/udp
143/tcp
162/udp
RFC 1945,
2068, 2616
RFC 1305
RFC 3501
RFC 1157
LDAP
HTTPS
shell
syslog
RIP
moxatty
389/tcp
443/tcp
514/tcp
514/udp
520/udp
1028/udp
RFC 2251
RFC 2818
RFC 1282
RFC 3164
RFC 2453
prop. NAOS
Condition of
version?
Description
Only ping function is used by the voice applications: IPMP echo request and ICMP
echo reply. The IP stack may use other ICMP services as well (example: path MTU
discovery).
Only data is sent or received through this port. In FTP active mode the FTP server
opens the data connection towards the FTP client using this as the source port. In
passive mode the FTP client opens the FTP data connection towards the FTP
server using this port as the service port.
FTP standard service port. Used by client to establish the control connection.
Provides a robust, proven and extensible solution for secure connections
Used for remote connection for maintenance purpose and for management tool
(4760)
Alarms towards 4760 (no listening on)
Only used by SIP devices in case of spatial redundancy
Dynamic IP address management request to PC installer for CPU installation (no
listening on)
DHCP server for IP-Phones, GD, GA, INT-IP B boards, PCs,.
TFTP server used for binaries downloading for IP-Phones, GD, GA, INT-IP B
boards; for voice guides downloading to GD, GA boards
Browser for 4760i
Synchronization of Ccview clients (ACD V2) and Call Server
Internet Message Access Protocol
Call Server incidents (SNMP traps) notification to a Network Management Platform
LDAP client access in case of phonebook overflow
Secured Web Server by SSL protocol
Remote Shell for command execution
>=R6.2
Routing Information Protocol
Nport product from MOXA company to have multiple V24 accesses
8/38
Name
Port
Standard
H.323 Gateway discovery

H.323 Gateway stats and RAS
H.323 RAS signalling
H.323 H.225 signalling
RADIUS
H.323 H.245 signalling (Alcatel)
H.323 Registration Authentication
and Signalling (RAS)
1718/udp
1719/udp
1720/udp
1720/tcp
1812/udp
1961/tcp
9090/tcp
ITU-T H.323
ITU-T H.323
ITU-T H.323
ITU-T H.323
RFC 2865
prop. ALA
ITU-T H.323
2048/udp
10000/udp
dynamic port
2533/tcp
prop. ALA
prop. ALA
Receive incidents from IPT Security box (SSM)

Sending of start_srtp to IPT Security box (SSM)
prop. ALA
Network access for Alcatel configuration applications based on ACAPI v1.x (CMISD,
ABC-A and TSE applications) and sending of Accounting tickets over IP
PAD X.25
BTlink
BTlink
netaccess
pad (packet
assembly/disassembly)
cmisd
saverest
2534/tcp
ITU-T X.29
2535/tcp
2536/tcp
ITU-T CMIP?
prop. ALA
acd
2538/tcp
prop. ALA
builddistant
loaddistant
auditres1
auditres2
acdccs
acdpcag
suprout
alb
rtest
rcsta
2539/tcp
2540/tcp
2541/tcp
2542/tcp
2543/tcp
2544/tcp
2545/tcp
2546/tcp
2554/tcp
2555/tcp
prop. ALA
prop. ALA
prop. ALA
prop. ALA
prop. ALA
prop. ALA
prop. ALA
prop. ALA
prop. ALA
prop. ALA
STAP, hybrid-vpn
notif-gsm
redundancy
2556/udp
2557/udp
2558/tcp
prop. ALA
prop. ALA
prop. ALA
Condition of
version?
Sheet:Services
Description
H.323 Internal Gatekeeper
>=R7.0
H.323 Internal Gatekeeper. Closed by default after F1.602.3m
Cmis server for Call Server configuration

Used by network management application 4740 for save/restore operations
(obsolete).
ACDV2 applications (CCM, CCS, ASM). This port gives access to many different
services at the same time: Advanced Call Distribution protocol, telnet protocol (for
support only).
Audit/Broadcast between Call Servers
Audit/Broadcast between Call Servers
Audit/Broadcast: reserved for future use
Audit/Broadcast: reserved for future use
ACD terminal server
ACD PC agent
Suproutage: supervision X25
ACD Agent List Builder
Remote testing
ASN-1 CSTA access server. This port gives access to many different services at the
same time: CSTA protocol, telnet protocol (for support only), HTTP protocol (for
configuration).
ABC-F signalling over IP for IP hybrid links
GSM notification server (obsolete)
Call Server duplication over Ethernet
9/38
Name
Port
Standard
rsl
rlis
ahltcp
dhcdupli
dhcdupli_m
dhcdupli_s
servobs
servobs_c
dhcdupli_c
tftpd_dow
netadmin
2559/udp
2560/tcp
2561/tcp
2562/tcp
2563/udp
2564/udp
2565/tcp
2566/tcp
2567/udp
2568/udp
2569/tcp
prop. ALA
prop. ALA
prop. ALA
prop. ALA
prop. ALA
prop. ALA
prop. ALA
prop. ALA
prop. ALA
?
prop. ALA
prslink
nut
2570/udp
3305/udp
3305/tcp
3493/udp
3493/tcp
3595/tcp
prop. ALA
prop. NUT
>=R6.0
<R6.2
RSL socket port

lis server for SOSM
AHL link over IP for Hotel/Hospital with external management
DHCP duplication over Ethernet in case of Call Server duplication
DHCP duplication on main Call Server in case of Call Server duplication
DHCP duplication on standbye Call Server in case of Call Server duplication
Server for service observation
Client for service observation
DHCP dupli command
Use has been related TFTP download (obsolete).
Network configuration daemon. This port is used locally to the system the daemon is
running on. Not accessible from the LAN.
DLink between Prs and CS
UPS monitoring for OXE version before R6.2 (excluded)
prop. NUT
>=R6.2
UPS monitoring for OXE versions since R6.2 (inclusive)
RFC 3804
RFC 3501
prop. ALA
RFC 3261
Virtual domain IMAP
securid
4020/tcp
4021/tcp
4033/tcp
4560/udp
5060/udp
5060/tcp
5500/udp
prop. RSA
securidprop
5510/tcp
prop. RSA
sdlog
5520/tcp
prop. RSA
sdserv
5530/tcp
prop. RSA
nmccs
SIP gateway (Alcatel)
5540/tcp
6060/udp
prop. ALA
RFC 3261
incid2trap
12300/udp
13200/udp
Protocol used by the clients supporting the SecurID One-Time Password token to
communicate with the RSA SecuriID authentication server.
NMD supervision (4760i)
SIP gateway service port when the SIP proxy is active on CS (SIP gateway is
available on port 5060 when SIP proxy is not active).
Call Server incidents: resynchronization port for Network Management Platform
nut
ATAPI
VPIM
VIMAP
H.323 monitoring (Alcatel)
SIP proxy
Condition of
version?
Sheet:Services
prop. ALA
Description
Alcatel Telephony API used by CTI applications to drive the Call Server for example
to dial outgoing phone calls.
Voice Profile for Internet Mail
Session Initiation Protocol proxy servier
<=R5.1
>=R5.1.1
10/38
Name
alzbootps
alzbootpc
RTP/RTCP
Port
Standard
23400/udp
23401/udp
3200032255/udp
RFC 2131
RFC 3550
Condition of
version?
UA
Dyn_Voice/udp
32128/udp
<R5.1
>=R5.1
prop. ALA
32640/udp
UA lite
32641/udp
<R5.1
>=R5.1
prop. ALA
Description
Non standard ports used by OmniPCX Office (OXO) to implement the DHCP service
Dyn_Voice/udp
3251232767/udp
Sheet:Services
>=R6.2
Standard RTP protocol used to carry voice over IP. Ports from this range are used
by installations made while releases prior to R5.1 where current or by installations
having migrated from those older releases .
The range width is not configurable. The range base port number is configurable
through MAO.
Standard RTP protocol used to carry voice over IP. Ports from this range are used
by every new installations since R5.1.
The range width is not configurable. The range base port number is configurable
through MAO.
Alcatel proprietary signalling protocol, used on this port by installations having
migrated from releases older than R5.1
Alcatel proprietary signalling protocol, used on this port by every new installation
since R5.1
Only the START_RTP and START_FAX messages from the Alcatel proprietary
signalling protocol are sent in this protocol: i.e. no Dlink is maintained.
11/38
Planes
IP flows can be grouped by the broad purpose they fullfil. One possible grouping is into groups called 'planes'. One
group -or plane- is used to identify flows carrying data directly useful to the user (e.g. voice), another group carries for
example information required to establish the flows seen by the user (e.g. signalling).
The following 4 planes are identified in the OmniPCX for Enterprise solution:
Plane name
user
Plane description
This plane contains all the flows directly useful to the end user, other flows that may look like user
flaows whose content is like email exchanges or file transfert belong to the user plane only if
resulting directly from a user request.
Example of a flow belonging to this plane is: voice (RTP) flows for the OXE.
Example of a flow that do not belong to this plane but to the control plane is: email exchanges
between two voice mail systems to synchronize the states of the various user voice mailboxes.
control
management
support
all IP flows used to enable transport of information in the user plane belong to this plane. This is
phone signalling, but also the FTP data transfer when used to synchronize for instance the
configuration between 2 cooperating systems.
Flows in this plane are mandatory to go through a firewall unless condition of activation proves
that they are not used in a given deployment.
In this plane we find all flows used to manage the system, for example to configure, establish
statistics, perform user billing.
Flows between the Call Server and the 4760 server fall mostly into this plane.
All IP flows occuring in this plane are not needed for the day to day operation of the system (all
the 3 planes above are mandatory). Flows in this plane appear on a network for example during
maintenance operation (e.g. system software upgrade) or support operation (e.g. when
debugging voice quality problems).
Sheet:Planes
12/38
Sheet:Port ranges
Dynamic Port Ranges

Whenever an client application opens a TCP connection to a server (or a pseudo connection over UDP) and doesn't explicitely binds it to a specific port number, the
Operating System dynamically allocates one TCP (or UDP) port within a certain range of numbers: this is the dynamic port range.
On a system more than one dynamic port ranges may coexist. The ports within those ranges are used differently: the dynamic port range is used for the client side of TCP and
UDP connection, another port range may be defined to group together ports used by RTP connections, and a third one may be used for H.245 connections.
Port range
usage
Port range
name
Dyn_CS
Dyn_MG
Network element Operating System

and
Release
OXE R5.OUx and
CS
before
(Chorus-based
operating system)
OXE R5.0Lx, R5.1,
R5.1.x
(old Linux based
operating system)
OXE >= R6.0
(Linux based
operating system)
Range lower Range upper

bound
bound
1024
ou
40000
4999
ou
44999
10000
20000
10000
10499
GD
GA
INT_IP boards
Linux
1024
4999
32512
32767
IPphone
IPtouch
SSM, MSM
?
VxWorks
?
2048
1024
?
65535
65535
?
VoWLAN solution
1024
65535
Dyn_Win
4760 server and

clients,
Contact center
servers
Microsoft Windows
1024
4999
Dyn_Lnx
Linux (OTUC
servers)
?
GD
INT_IP A
Linux RH 7.3
32768
60999
?
21000/tcp
?
21999/tcp
Client side of Dyn_INT_IP

TCP and UDP
connections
Dyn_IPP
Dyn_NOE
Dyn_xSM
Dyn_WLAN
Dyn_?
Dyn_H225_CLT
Notes
Range depends on TFTP answering server: Chorus (1st range

or TEL (2nd range).
Not configurable.
See doc [3] for exact information. The range lower bound is
configurable above 3000. The range width is configurable not
smaller than 128. Any port value within the range shall be lower
than 32767.
Dyn_IPP/udp
Dyn_NOE/udp
Dyn_Win/udp
Used by INT_IP boards to download their binaries using TFTP.

Note: the values listed here are not related to the actual value of
BASE_PORT.
Used by the Security Modules used to encrypt/decrypt the

signaling, voice and fax flows in transit over the LAN.
Configurable through creation in the registry of the key

MaxUserPort (REG_DWORD) with a minimum value of 0x1388
(default = 5000) under the key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
\Tcpip\Parameters
Configurable through /proc/sys/net/ipv4/ip_local_port_range
Nothing is known about that range besides its existence.
H323 Outgoing call establishment signalisation H225 (Q931)
13/38
Port range
usage
H.323
connections
Port range
name
Network element Operating System

and
Release
Dyn_H245_CLT
GD
INT_IP A
Dyn_H245_SRV
GD
INT_IP A
Dyn_H245_GA
GA
Dyn_Voice
GD
GA
INT-IP A
INT-IP B
46x5
OXE <= R5.0Lx

OXE >= R5.1
Range lower Range upper

bound
bound
25000/tcp
25999/tcp
31000/tcp
31059/tcp
7918/tcp
7953/tcp
32000/udp
32512/udp
32255/udp
32767/udp
Sheet:Port ranges
Notes
H323 Media Channel establishment

signalization H245 (outgoing call)
H323 Media Channel establishment
signalization H245 (incoming call)
H323 GW: H323 signalling with H323
Gateways/Terminals or ABC-F links
This port range is only used over UDP/IP to transport voice
using RTP protocol (RFC 3550) and fax using the T.38 protocol.
Ports are grouped by 4 with a specific use for each port:
- port #0 is used for voice transport (RTP)
- port #1 is used for RTCP
- port #2 is not used
- port #3 is used for Fax.
The range lower bound is called BASE_PORT in the
documentation. Its value can be configured through MAO on the
CS at once for all the related network elements (Media
Gateways, IP phones, ...).
The range width is constant and contains 256 ports.
Voice
connections
Dyn_MS
Dyn_Audiocode
OTUC Media
Server
Audiocode
12000/udp
4000/udp
12079/udp
4072/udp
This range consists of 40 groups of sets of 2 consecutive ports.

This conforms to the RFC 3550 for RTP: ports are 2 used this
way:
- port #0 is used for voice (RTP)
- port #1 is used for voice quality control (RTCP)
System ports use a bundle of 10 UDP port allocated this way:
ch 0 : 4000 (RTP), 4001 (RTCP), 4002 (fax)
ch 1 : 4010 (RTP), 4011 (RTCP), 4012 (fax)
...
ch i : 4000+(i*10), 4000+(i*10)+1, 4000+(i*10)+2
i <= i < n where n = number of physical ports offered by the box.
Can be 2, 4 or 8.
14/38
Sheet:CS
OXE CS, 4760, eConfig, ACAPI 2.x

Plane
Protocol
Client
Initiator
Source port
Server
Responder
Service Port
Router redirection command
control
ICMP
router
N/A
CS
N/A
Software downloading (rload)
support
FTP
CS
Dyn_CS/tcp
CS
21/tcp
Remote command execution
control
SHELL
CS
Dyn_CS/tcp
CS
514/tcp
Remote command execution
control
SSH
CS
Dyn_CS/tcp
CS
22/tcp
Dynamic IP configuration
control
DHCP
68/udp
CS
67/udp
Firmware and configuration download
control
TFTP
GD, GA
INT_IP B
IPP, NOE
VoWLAN
GD, GA
INT_IP A, B
IPP
NOE
Configure in
netadmin since
R5.1
If CS not in
securized
mode.
If CS not in
securized
mode.
If CS in
securized
mode.
Always on
Dyn_MG/udp
Dyn_INT_IP/udp
69/udp
Dyn_NOE/udp
CS
69/udp
Always on
TCP
wrappers
Web server
control
HTTP
4645
Dyn_?/tcp
CS
80/tcp
If CS not in
securized
mode.
none
control
HTTPS
4645
Dyn_?/tcp
CS
443/tcp
If CS in
securized
mode.
none
control
NTP
123/udp
2048
CS
NTP server
CCD
Trap supervisor
123/udp
SNMP
CS
NTP server
CCD
MIB browser
161/udp
SNMP
CS
1024
Trap supervisor
162/udp
?/udp
CS
12300/udp
>=R5.1.1
?/udp
CS
13200/udp
<=R5.1
SYSLOG
CS
Dyn_CS/udp
Syslog server
514/udp
RIP
CS
trusted router
CS
Dyn_CS/udp
Dyn_?/udp
Dyn_CS/udp
CS
520/udp
RADIUS server
1812/udp
Purpose
Time Synchronisation with ACDv2

clients
Network supervision console
managem
ent
managem
SNMP traps
ent
TEL incidents translated managem
into SNMP traps
ent
managem
ent
Syslog journaling system control
Routing Information Protocol
control
RADIUS (Remote Authentication Dial- managem

In User Service)
ent
RADIUS
Condition of Admission
OXE
Authenticati Confident
Activation
control? version?
on
iality
Configure in
netadmin
Notes
ICMP redirect
TCP
wrappers
password for
mtcl
Active FTP mode
TCP
wrappers
TCP
wrappers
>=R6.0
none
DHCP reply sent in unicast (not RFC

compliant)
Redirected to HTTPS port if CS is

secured.
>=R6.1
yes
Peer to peer relationship (nonpredictable transit direction of first

packet).
GET only is implemented. No SET
action possible.
community
string
Configure in
netadmin
>=R6.2
none
By
configuration
>=R7.0
no
System login authorization submitted

to remote authentication server.
15/38
Purpose
Plane
Protocol
Client
Initiator
Sheet:CS
Source port
Server
Responder
Service Port
managem
Network access server for
ent
applications (CMIS, accounting tickets
on the fly)
PBX configuration
control
AOML
Remote application
(ABC-A,TSE,OTS)
Dyn_?/tcp
CS
2533/tcp
CMIP
OTS
Dyn_?/tcp
CS
2535/tcp
Remote test
support
Rtest
Remote application
Dyn_?/tcp
CS
2554/tcp
Audit of CS configuration
control
Builddistant
CCD
Dyn_Win/tcp
CS
2539/tcp
control
Loaddistant
CCD
Dyn_Win/tcp
CS
2540/tcp
control
RSL
another CS
Dyn_CS/udp
CS
2559/udp
managem
ent
control
RLIS
Remote application
Dyn_?/tcp
CS
2560/tcp
prop. ALA
Remote application
Dyn_?/tcp
CS
2561/tcp
Routing over Sporadic links

SOSM
Hotel IP Link
Remote observer
OXE
Activation
control? version?
on
iality
none
in a network of PBXs
By
configuration
By
configuration
AHL link over IP for Hotel/Hospital with
external management
Remote application
2566/tcp
CS
2565/tcp
prop. ALA
Remote application
Dyn_?/udp
CS
9743/udp
control
control
control
control
NUT
NUT
NUT
NUT
UPS device
UPS device
UPS device
UPS device
Dyn_?/tcp
Dyn_?/udp
Dyn_?/tcp
Dyn_?/udp
CS
CS
CS
CS
3305/tcp
3305/udp
3493/tcp
3493/udp
Inter-node (inter CS) exchanges

Hybrid VPN
control
Dyn_CS/udp
Dyn_?/udp
Dyn_CS/tcp
2556/udp
control
CS
Softphone
CS
CS
Redundancy
STAP
hybrid-vpn
prop. ALA
CS
2558/tcp
dhcdupli
control
prop. ALA
CS
Dyn_CS/udp
CS
2562/udp
DHCP dupli master
control
prop. ALA
CS
Dyn_CS/udp
CS
2563/udp
DHCP dupli slave
control
prop. ALA
CS
Dyn_CS/udp
CS
2564/udp
DHCP dupli command
control
prop. ALA
CS
Dyn_CS/udp
CS
2567/udp
Proprietary signaling from CS

Remote dialin access (integrated
gateway modem)
control
UA
CS
BP+128/udp
GD
BP+130/udp
survivability
mode only
support
ASCII
CS
Dyn_CS/udp
GD
BP+130/udp
Activation in
MAO
control
UA
CS, INT_IP A
BP+128/udp
BP+128/udp
control
UA
CS, INT_IP A
BP+128/udp
GD
INT_IP B
IPP, NOE
Signaling link
BP/udp
no
By
configuration
prop. ALA
Network Uninterruptible Power Supply
Configuration applications based on

ACAPI V1.x and tax tickets send over
IP use this port.
yes
managem
ent
support
DECT observation
Notes
<R6.2
<R6.2
>=R6.2
>=R6.2
no
no
This service is also used by

softphones and 4760 web clients
Only when CS
is duplicated.
Only when CS
is duplicated.
Only when CS
is duplicated.
Only when CS
is duplicated.
Only when CS
is duplicated.
A remote GD lost its signaling link to
CS and opened a PSTN connection to
its rescuing GD.
Remote maintenance access through
PSTN
16/38
Sheet:CS
Plane
Protocol
Client
Initiator
PAD X25 (packet

assembly/disassembly)
control
X.29
CS
Dyn_CS/tcp
CS
2534/tcp
X.25 route supervision
control
Suprout
CCD
Dyn_Win/tcp
CS
2545/tcp
Discovery
control
H225 RAS
GD, GA
INT_IP A
H323 end_point
CS
1718/udp
none
Registration, Admission and status
control
H225 RAS
GD, GA
INT_IP A
H323 end_point
CS
1719/udp
none
Call setup
control
H225 Q.931
GD, GA
INT_IP A
H323 end_point
CS
1720/udp
none
Registration, Admission and status
control
RAS
GD, GA
INT_IP A
Dyn_MG/udp
Dyn_MG/udp
Dyn_MG/udp
Dyn_?/udp
Dyn_MG/udp
Dyn_MG/udp
Dyn_MG/udp
Dyn_?/udp
Dyn_MG/udp
Dyn_MG/udp
Dyn_MG/udp
Dyn_?/udp
Dyn_MG/tcp
Dyn_MG/tcp
Dyn_MG/tcp
CS
9090/tcp
none
Domain Name Server
control
DNS
SIP end-point
Dyn_?
CS
53/udp
SIP proxy
control
SIP
SIP end-point
Dyn_?/tcp
CS
5060 (*)/tcp
Sip gateway
control
control
SIP
SIP
SIP end-point
SIP proxy
Dyn_?/udp
Dyn_?/tcp
CS
CS
5060 (*)/udp
6060 (*)/tcp
control
SIP
SIP proxy
Dyn_?/udp
CS
6060 (*)/udp
Purpose
Source port
Server
Responder
Service Port
OXE
Activation
control? version?
on
iality
Notes
X.25
If PBX belongs
to a X.25
network of
PBXs
Always on
CS could be the client here. To be

confirmed.
SIP
Configured in
MAO
When SIP
proxy is
activated
none
>=R6.1
<R7.0
<R6.0
Only used by SIP devices in case of

spatial redundancy
External SIP service port. Used since
R7.0 by SIP proxy when active.
External SIP service port
Internal SIP gateway service port used
by the SIP proxy.
17/38
Purpose
Sheet:CS
Plane
Protocol
Client
Initiator
Source port
Server
Responder
Service Port
control
SMTP
OTUC server
Dyn_?/tcp
4645
25/tcp
eVA configured
control
SMTP
?/tcp
4645
587/tcp
eVA configured
control
IMAP
143/tcp
eVA configured
IMAPS
Dyn_?/tcp
Dyn_CS/tcp
Dyn_?/tcp
4645
control
OTUC server
4645
OTUC server
4645
993/tcp
eVA configured
+ unknown
configuration
control
VIMAP
OTUC server
Dyn_?/tcp
4645
4033/tcp
eVA configured
control
HTTP
OTUC server
Dyn_?/tcp
4645
80/tcp
control
HTTPS
OTUC server
Dyn_?/tcp
4645
443/tcp
control
UA
CS
BP+128/udp
4645
BP+128/udp
If CS not in
securized mode
+ eVA
configured
If CS in
securized
mode + eVA
configured
eVA configured
control
UA
CS
BP+128/udp
4645
BP+132/udp
eVA configured
user
RTP/RTCP
4645
Dyn_Voice/udp
IPP, NOE
GD, GA
INT_IP A+B
BP+2,3/udp
eVA configured
Dyn_Voice/udp
Dyn_Voice/udp
user
RTP/RTCP
IPP, NOE
GD, GA
INT_IP A+B
4645
BP+2,3/udp
Dyn_Voice/udp
Dyn_Voice/udp
Dyn_?/tcp
4645
Dyn_Voice/udp eVA configured
OXE
Activation
control? version?
on
iality
Notes
4645 (eVA)
Mail Transfer
IMAP server
Retrieve voice messages in mail

account and commands for UC
Web server
Signalling (abca)
Voice channel
VPIM
control
4645
4020 (*)/tcp
4021 (*)/tcp
eVA configured
OTUC myMessaging
?
idem
OTUC myMessaging
>=R6.1
yes
OTUC myMessaging
When the 4645 function reside on a

separate CPU than the
Communication Server
When the 4645 function reside on the
same CPU as the Communication
Server
Source and destination addresses are
never modified whether encrypted or
not.
This flow is always cleartext out of the
4645, possibly encrypted through SSM
(if 4645 is on CS or with CS) or MSM
(if protected by a separate security
module) and continues encrypted to
destination.
Direction of first packet cannot be
predetermined: both directions shall
be enabled
Between 4645 members of same
group of Voice mail systems.
18/38
Purpose
Plane
Protocol
Client
Initiator
Sheet:CS
Source port
Server
Responder
Service Port
OXE
Activation
control? version?
on
iality
Notes
Contact Center solutions

ACDv2 for Contact Center
applications: CCM, CCS, ASM
ACDCCS (supervisor)
control
ACD
CCD
Dyn_Win/tcp
CS
2538/tcp
Always on
control
ACDCCS
CCD
Dyn_Win/tcp
CS
2543/tcp
Always on
ACD PC agent
ACD Agent List Builder
Remote CSTA
control
control
control
ACDpcag
Alb
Rcsta
CCD
CCD
CCD
OTS
Dyn_Win/tcp
Dyn_Win/tcp
Dyn_?
CS
CS
CS
2544/tcp
2546/tcp
2555/tcp
Always on
Voice
encryption
Voice
encryption
Needed only with Contact Center

applications
password
IP Touch Security box (SSM/MSM) for signaling and voice encryption

Firmware and configuration download
control
TFTP
SSM, MSM
Dyn_xSM/udp
CS
69/udp
Signaling link to SSM (Server voice

encryption box)
control
BTlink
CS
Dyn_CS/tcp
SSM
11000 (*)/tcp
Key exchange
control
CS
2048 (*)/udp
SSM
2049 (*)/udp
Alarms sent from SSM and MSM to

CS
Start/stop Voice for SSM
control
SSM, MSM
2048 (*)/udp
CS
2048 (*)/udp
control
UA lite
CS
Dyn_CS/udp
SSM
2049 (*)/udp
Start/stop Fax for SSM
control
UA lite
CS
Dyn_CS/udp
SSM
2050 (*)/udp
Remote connection
support
TELNET
CS
Dyn_CS/tcp
SSM
23/tcp
control
Saverest
PC admin
Dyn_Win/tcp
CS
2536/tcp
Voice
encryption
Voice
encryption
Voice
encryption
Voice
encryption
Voice
encryption
TCP
wrappers
>=R6.2
>=R6.2
Most of the time the dynamic port

allocated on CS has value 10000 (first
port in dynamic range).
>=R6.2
>=R6.2
First packet is MSM or SSM telling it is

up and running.
Reception of START_SRTP messages
>=R6.2
Reception of START_FAX messages
>=R6.2
SSM accepts a single console

connection with priority of V.24 over
telnet connection.
>=R6.2
Only from CS
4740 Management Application

Save and Restore
4740 only
Was used with 4740 management

application. Not used otherwise.
19/38
Source port
Service Port
4760 server
N/A
CS
N/A
FTP
4760 server
Dyn_Win/tcp
CS
21/tcp
If CS not in
securized
mode.
TCP
wrappers
TELNET
4760 server
Dyn_Win/tcp
CS
23/tcp
TCP
wrappers
SSH
4760 server
Dyn_Win/tcp
CS
22/tcp
If CS not in
securized
mode.
If CS in
securized
mode.
Alarm mails managem

ent
Web directory managem
ent
SMTP
4760 server
Dyn_Win/tcp
Mail server
25/tcp
no
HTTP
Web browser
Dyn_?/tcp
4760 server
80 (*)/tcp
no
Network supervision console managem

ent
SNMP traps managem
ent
LDAP server replication managem
ent
SNMP
MIB browser
Dyn_?/udp
4760 server
161/udp
SNMP
4760 server
162/udp
Trap supervisor
162/udp
LDAP
LDAP replication
Dyn_Win/tcp
4760 server
389/tcp
if IPSEC not
configured
LDAP
CS
Dyn_CS/tcp
4760 server
389/tcp
Configure
LDAP overflow
server in MAO
anonymous
access
CMIP
4760 server
Dyn_Win/tcp
CS
2535/tcp
yes
STAP
4760 server
Dyn_Win/udp
CS
2556/udp
if IPSEC not
configured
if IPSEC not
configured
Plane
Protocol
ICMP
Sheet:CS
Server
Responder
Purpose
Client
Initiator
OXE
Activation
control? version?
on
iality
Notes
4760 Network Management server

Test of CS presence (ping) managem
ent
File transfert : MIB, accounting managem

ent
information, past time performance,
QoS tickets, software.mao, software
downloading, backup
Remote connection managem
ent
Remote maintenance + managem
File transfert : MIB, accounting
ent
information, past time performance,
QoS tickets, software.mao, software
downloading, backup
PBX phonebook overflow
control
PBX configuration managem

ent
Directory call by name managem
ent
no
Echo request/reply done when 4760

initializes the connection to CS.
Critical to correct working of 4760.
Since 4760 >= R3.1 presence test is
done differently by attempting a TCP
connect either on FTP port (21/tcp) or
SSH port (22/tcp) if CS is securized.
login/pwd
no
passive FTP mode
login/pwd
no
password for
mtcl
yes
4760 <=
R3.1
TCP
wrappers
OXE>=6.0
4760>=4.0
Access to the phone directory from

any Web browser on any PC if
otherwise allowed.
no
IPsec shall be enabled only if LDAP
replication server do support IPsec.
Port can be configured in 4760 server
no
no
Issued upon request by a 4760 client

as if a callback was in progress
20/38
Protocol
Client
Initiator
CMISD server managem

ent
CMIP
LDAP administration server managem

ent
CMISD server managem
ent
Loader server managem
ent
LDAP PBX synchronization server managem
ent
Sheet:CS
Source port
Server
Responder
Service Port
4760 server
Dyn_Win/tcp
4760 server
30001/tcp
HTTP
4760 server
Dyn_Win/tcp
4760 server
30010 (*)/tcp
GIOP
4760 server
Dyn_Win/tcp
4760 server
30013 (*)/tcp
GIOP
4760 server
Dyn_Win/tcp
4760 server
30020 (*)/tcp
GIOP
4760 server
Dyn_Win/tcp
4760 server
30026 (*)/tcp
HTTP
4760 client
Dyn_Win/tcp
4760 server
80 (*)/tcp
Kerberos
4760 client
88/udp
4760 server
88/udp
if IPSEC
configured
LDAP
4760 client
Dyn_Win/tcp
4760 server
389/tcp
if IPSEC not
configured
IPsec key exchange managem

ent
IKE
4760 client
Dyn_Win/tcp
4760 server
500/udp
if IPSEC
configured
IPsec encrypted flows managem

ent
Sybase Anywhere database managem
ent
Access to various services: Alarms, managem
Extractor, License, Notification,
ent
SaveRestore, Scheduler, Security,
etc...
ESP
4760 client
N/A
4760 server
N/A
TDS
4760 client
Dyn_Win/tcp
4760 server
30011 (*)/tcp
GIOP
4760 client
Dyn_Win/tcp
4760 server
SSH
4760 client
Dyn_Win/tcp
4760 server
30012 (*)/tcp,
30014 (*)/tcp
30019 (*)/tcp,
30022 (*)/tcp
30025 (*)/tcp
30028 (*)/tcp
if IPSEC
configured
if IPSEC not
configured
if IPSEC not
configured
TELNET
4760 client
Dyn_Win/tcp
4760 server
GIOP
4760 server
Dyn_Win/tcp
4760 client
Purpose
Plane
OXE
Activation
control? version?
on
iality
IPsec
login/pwd
if IPSEC not
configured
if IPSEC not
configured
if IPSEC not
configured
if IPSEC not
configured
Notes
Not configurable (difference with other
4760 server service ports in the 300xx
range).
IPsec
IPsec
IPsec
IPsec
4760 Network Management Client

Web access managem
ent
Kerberos managem
ent
Replication avec server LDAP externe managem

ent
MindTerm (SSH client) on 4760 client
support
Telnet proxy managem

ent
Notification of CORBA events managem
ent
30100 (*)/tcp
30149 (*)/tcp
30500 (*)/tcp
30509 (*)/tcp
if IPSEC not
configured
if IPSEC not
configured
if IPSEC not
configured
yes
yes
4760 >=
R3.0
anonymous
+
login/pwd
IPsec
4760 >=
R3.0
yes
yes
4760 >=
R3.0
yes
yes
login/pwd
IPsec
no
IPsec
IPsec and
SSH
IPsec
IPsec
IPsec uses Kerberos as its default

authentication mechanism. Another
mechanism can be defined by the
customer.
Note: Microsoft may use TCP as
transport even though not standard.
IPsec shall be enabled only if potential
clients do support IPsec.
IPsec is not configured by default.
21/38
Purpose
Plane
Protocol
Client
Initiator
FTP
Sheet:CS
Source port
Server
Responder
Service Port
4760i
Dyn_?
CS
21/tcp
TELNET
4760i
Dyn_?
CS
23/tcp
SSH
4760i
Dyn_?
CS
22/tcp
HTTP
4760i
Dyn_?/tcp
CS
80/tcp
HTTPS
4760i
Dyn_?/tcp
CS
443/tcp
GIOP
4760i
Dyn_?/tcp
CS
5540/tcp
OXE
Activation
control? version?
on
iality
Notes
4760i (eConfig)
File transfer: MAO data during managem
save/restore operations
ent
Remote connection managem
ent
Remote connection and file transfert managem
(MAO data during save/restore
ent
operations)
Applet download managem
ent
Applet download managem

ent
PBX configuration (NMCCS) managem
ent
If CS not in
securized
mode.
If CS not in
securized
mode.
If CS in
securized
mode.
If CS not in
securized
mode.
TCP
wrappers
password for
mtcl
TCP
wrappers
password for
mtcl
If CS in
securized
mode.
none
TCP
wrappers
>=R6.0
none
passive FTP mode
password for
mtcl
none
>=R6.1
Needed only the first time to download

the applet.
secured.
Needed only the first time to download
the applet.
none
yes
yes
no
CORBA access
password for
mtcl
no
passive FTP mode
login/pwd
yes
yes
no
ACAPI 2.x
File transfer: MIB
managem
ent
FTP
ACAPI 2.x
Dyn_Win/tcp
CS
21/tcp
File transferts : MIB
managem
ent
SSH
ACAPI 2.x
Dyn_Win/tcp
CS
22/tcp
PBX configuration
managem
ent
CMIP
ACAPI 2.x
Dyn_Win/tcp
CS
2535/tcp
Remote maintenance
support
TELNET
PC support
Dyn_?/tcp
CS
23/tcp
Maintenance access
support
SSH
PC support
Dyn_?/tcp
CS
22/tcp
Webtools
support
HTTP
PC support
Dyn_?/tcp
CS
80/tcp
Webtools
support
HTTPS
PC support
Dyn_?/tcp
CS
443/tcp
If CS not in
securized
mode.
If CS in
securized
mode.
TCP
wrappers
TCP
wrappers
>=R6.0
Support PC
(*)
Port number is configurable
If CS not in
securized
mode.
If CS in
securized
mode.
If CS not in
securized
mode.
If CS in
securized
mode.
TCP
wrappers
TCP
wrappers
>=R6.0
none
none

secured.
>=R6.1
yes
yes
22/38
Sheet:MG
GD, GA, INT_IP A & B

Plane
Protocol
Client
Initiator
Source port
control
ICMP
router
N/A
Autodiagnostic
support
ICMP
INT_IP A+B
N/A
Diagnosis of white
communications
support
ICMP
GD, GA
manage
ment
control
SNMP
DHCP
control
TFTP
control
TFTP
Purpose
GD configuration and software
upgrade (file download: binaries
(binmg)+config (lanpbx.cfg,
startmgd)+voice guides
UA phone sets initialization
downloads lanpbx.cfg, starttscip,
startnoe,
Server
Responder
Service port
Condition
of
Activation
Admission
control?
Notes
GD, GA
INT_IP B
router
CS
N/A
ICMP redirect
N/A
ICMP echo request sent to

router and then CS when
signaling link to CS is lost to
determine where the link is
broken and issue incident to
help auto-diagnostic.
N/A
CS
GD,GA
INT_IP A+B
N/A
ICMP destination unreachable

emitted when packet received
on closed fastsocket. Emitting
GD/CS then logs an incident
helping diagnose broken
communications (white or
half).
MIB browser
Dyn_?/udp
GD, GA
161/udp
GD
INT_IP B
GD, GA
INT_IP A+B
68/udp
DHCP server
67/udp
Dyn_MG/udp
Dyn_INT_IP/udp
CS
69/udp
69/udp
Dyn_NOE/udp
GD
69/udp
Dyn_IPP/udp
Dyn_NOE/udp
Dyn_Win/udp
community
string
Request sent in broadcast (as
per RFC)
Survivability
mode only
GD while in survivability mode

will serve configuration files to
the UA phone sets.
23/38
Sheet:MG
Protocol
Client
Initiator
Source port
Server
Responder
Service port
CS controlling the MG control

MG controlling the GA control
UA
UA
CS, INT_IP A
GD
BP+128/udp
BP+128/udp
GD, INT_IP B
GA
BP+128/udp
BP+128/udp
Survivability against CS
connectivity loss
Rescuing side control
UA
CS
BP+128/udp
GD
BP+130/udp
Survivability
mode only
Trafic goes over the PSTN.

This port is only used on
rescuing GD (close to the CS)
= the one called through
PSTN by the GD to be
rescued.
Rescued side control
UA
GD
INT_IP A+B
BP+128/udp
IPP, NOE
Softphone
BP/udp
Survivability
mode only
Rescued side
Encryption support
Voice commands control
UA lite
BP+130/udp
MSM
2049 (*)/udp
Fax commands control
UA lite
GD, GA
INT_IP A+B
GD, GA
INT_IP A+B
BP+131/udp
MSM
2050 (*)/udp
Voice
encryption
Voice
encryption
Purpose
Plane
Condition
of
Activation
Admission
control?
Notes
Proprietary signaling
24/38
Purpose
Plane
Client
Initiator
Protocol
Source port
Sheet:MG
Server
Responder
Service port
Condition
of
Activation
Iff a H.323
trunk is
declared
Iff a H.323
trunk is
declared
Iff a H.323
trunk is
declared
Admission
control?
Notes
H.323 Gateway (GW)

H.323 gatekeeper discovery (bcast control
or multicast to IP@ 224.0.1.41))
H.323 GK discovery (unicast) and control

GW RAS signaling
H323 RAS signaling control
H.323 RAS
Dyn_?/udp
GD, GA
INT_IP A
1718/udp
Dyn_?/udp
GD, GA
INT_IP A
1719/udp
Dyn_?/udp
INT_IP A
1720/udp
GD, GA
INT_IP A
H.323 extern gw
H.323 end_point
GD, GA
INT_IP A
H.323 extern gw
H.323 end_point
GD, GA
INT_IP A
Dyn_H225_CLT/tcp
GD, GA
INT_IP A
H.323 extern gw
1720/tcp
?/tcp
GD
Dyn_H225_CLT/tcp
Dyn_?/tcp
GD, GA
INT_IP A
1961/tcp
Dyn_H245_CLT/tcp
Dyn_?/tcp
Dyn_?/tcp
?/tcp
GD, INT_IP A
Dyn_H245_SRV/tcp
GA
Dyn_H245_GA/tcp
Dyn_?/tcp
GD
4560/tcp
GD, GA
INT_IP A
H.323 end_point
GD, GA
INT_IP A
H.323 end_point
H.323 end_point
H.323 Call establishment signaling control

(H.225) with H.323 terminals, other
gateways or ABC-F links
H.323 Call establishment control

signalisation H.225
(Q.931)
H.245 signaling control
H.245 media channel establishment control

signalization
H.323 signalling with H.323 control

Gateways/Terminals or ABC-F links
GD, INT_IP A
H.323 extern gw
H.323 end_point
?
H.323 monitor manage

ment
No more needed?
Iff a H.323
trunk is
declared
Iff a H.323
trunk is
declared
25/38
Purpose
Client
Initiator
Plane
Protocol
Source port
user
RTP/RTCP
GD, GA
INT_IP A+B
Dyn_Voice/udp
user
RTP/RTCP
IPP, NOE
Softphone
user
T.38
user
T.38
Sheet:MG
Server
Responder
Admission
control?
Notes
Service port
Condition
of
Activation
IPP, NOE
Softphone
BP+2,3/udp
START_RTP
in signaling
Whether encrypted of not, the

source and destination
addresses are not changed:
this flow is cleartext out of the
MG. When voice is encrypted,
cleartext flows through MSM
where it is encrypted and
continues encrypted to
destination.
BP+2,3/udp
GD, GA
INT_IP A+B
Dyn_Voice/udp
START_RTP
in signaling
Direction of first packet cannot

be predetermined: both
directions shall be enabled
GD, GA
INT_IP A+B
Dyn_Voice/udp
Fax
?/udp
START_FAX
in signaling
Whether encrypted of not, the

source and destination
addresses are not changed:
this flow is cleartext out of the
MG. When voice is encrypted,
cleartext flows through MSM
where it is encrypted and
continues encrypted to
destination.
Fax
?/udp
GD, GA
INT_IP A+B
Dyn_Voice/udp
START_FAX
in signaling

Media: voice, fax...

Voice channel, voice quality control
Fax over IP
26/38
Protocol
Client
Initiator
Source port
Maintenance access support
TELNET
CS
Dyn_CS/tcp
support
Maintenance file transfer support
support
TELNET
TFTP
FTP
GD, GA
PC support
GD, GA
ASCII
CS
Purpose
Plane
Sheet:MG
Server
Responder
Service port
Condition
of
Activation
Admission
control?
GD, GA
INT_IP A+B
23/tcp
always on
Incoming
connection
request
allowed only
from Call
Server
Dyn_MG/tcp
Dyn_?/udp
Dyn_MG/tcp
PC support
INT_IP A+B
PC support
23/tcp
69/udp
21/tcp
always on
Dyn_CS/udp
GD
BP+130/udp
Notes
Maintenance and Support
External access for remote support

maintenance (eRMA)
Activation in
MAO
Used for support only.

FTP transfer in active mode
unless client invoked
differently
The CS sends through this
port ASCII to the modem
embedded on the GD.
27/38
Sheet:Auxiliaries
Various network elements

Purpose
Source port
Server
Responder
?
?
?
GD, GA
INT_IP A+B
?/tcp
?/udp
Dyn_?/tcp
Dyn_Voice/udp
Audiocode
Audiocode
Audiocode
Audiocode
1720/tcp
1719/udp
Dyn_?/tcp
Dyn_Audiocode/u
dp
RTP/RTCP
Audiocode
PC admin
GD, GA
INT_IP A+B
Audiocode
Dyn_Voice/udp
HTTP
Dyn_Audiocode/u
dp
Dyn_?/tcp
80/tcp
Optional
Syslog
2048
Audiocode
514/udp
Optional
SNMP
1024
Audiocode
160,161/udp
Optional
TELNET
PC support
Dyn_?/tcp
MOXA
23/tcp
CS
Dyn_CS/tcp
MOXA
4000/tcp
CS
Dyn_CS/tcp
MOXA
[950,965]/tcp
Upper bound depends on

number of ports supported
by the box. Example a 4-port
box range will end at 953.
control
CS
Dyn_CS/tcp
MOXA
[966, 981]/tcp
Likewise upper bound for a 4port box will be 969.
manageme
nt
Dyn_?/udp
MOXA
1028/udp
Plane
Protocol
control
control
control
user
H.225
H.323
H.245
RTP/RTCP
user
manageme
nt
manageme
nt
manageme
nt
Client
Initiator
Service port
Condition Admission
control?
of
Activation
OXE
version
Notes
Audiocode (Z behind IP)

H.225 listen & dial port
RAS
H.245
RTP, RTCP, T.38
Web
Syslog
SNMP
Mandatory
Optional
Mandatory
Direction of first packet
cannot be predetermined:
both directions shall be
enabled
Moxa (V.24 port extender over IP)

Telnet
Configurator / FW settings
Data port
Command port
Broacast monitor real com installer
manageme
nt
manageme
nt
user
28/38
Sheet:Auxiliaries
Plane
Protocol
Client
Initiator
Signaling link
Client API on WIndows system
control
control
UA
HTTP
CS
PC appli
BP+128/udp
Dyn_Win/tcp
PRS
PRS
2570/udp
8080/tcp
Client API on Linux system
control
HTTP
PC appli
Dyn_Lnx/tcp
PRS
manageme
nt
support
user
HTTP
PC admin
Dyn_?/tcp
PRS
8080/tcp
8083/tcp
2010/tcp
?
HTTP
PC admin
NOE
Dyn_?/tcp
Dyn_NOE
PRS
PRS or
API servers
2009/tcp
80/tcp
support
FTP
PC support
Dyn_Win/tcp
CS
21/tcp
support
SSH
PC support
Dyn_Win/tcp
CS
22/tcp
File Transfer for software update
support
FTP
CS
Dyn_CS/tcp
PC Installer
21/tcp
DHCP client
support
DHCP
CS
68/udp
PC Installer
67/udp
TFTP client
support
TFTP
CS
Dyn_CS/udp
PC Installer
69/udp
Purpose
Source port
Server
Responder
Service port
Condition Admission
control?
of
Activation
OXE
version
Notes
Presentation Server (PRS)
Web-based management
PRS monitoring
NOE applications
OXE >= R6.0

Windows server supported
only in small configuration
Linux server(s) in large
configurations
NOE >= v3
The HTTP server is any of

the API servers. Actual
request port may be any of
80, 8080, 8081, 8083, etc...
Alcatel Audio Station (AAS)

Vocal guide file transfert
If CS not in
securized
mode.
If CS in
securized
mode
mtcl pwd
mtcl pwd
Active FTP mode
>=R6.0
PC Installer
Active FTP mode, CS is

client.
Only for complete
reinstallation of system and
call handling software on CS.
CS is the client.
Only for complete
reinstallation of system and
call handling software on CS.
CS is the client.
29/38
Sheet:UA terminals
IP phone (IPP), IP touch (NOE), MIPT, Softphone

Purpose
Plane
Protocol
Client
Initiator
Source port
Server
Responder
Service port
Router presence check
control
ICMP
IPP
N/A
router
N/A
control
ICMP
NOE
N/A
router
N/A
control
ICMP
router
N/A
N/A
manage
ment
control
SNMP
MIB browser
Dyn_?/udp
IPP, NOE,
MIPT
IPP
161/udp
DHCP
68/udp
DHCP server
67/udp
control
TFTP
IPP, NOE,
MIPT
IPP
NOE, MIPT
Softphone
Dyn_IPP/udp
Dyn_NOE/udp
Dyn_Win/udp
TFTP server
69/udp
control
LDAP
Softphone
Dyn_Win/tcp
LDAP server
389/tcp
UA
CS, INT_IP A
BP+128/udp
BP/udp
control
control
STAP
UA
CS, INT_IP A
GD
INT_IP A+B
2556/udp
BP+128/udp
IPP, NOE,
MIPT
Softphone
IPP, NOE,
MIPT
control
Encryption of voice and signaling control
ATAPI
IKE
Softphone
SSM
Dyn_Win/tcp
Dyn_?/udp
OTS
NOE
3595/tcp
500/udp
ESP
SSM
N/A
NOE
N/A
Phone configuration and software
upgrade (file download:
binaries+config information
Download lanpbx.cfg, starttscip,
startnoe)
Phone directory
Condition of
Activation
Admission
control?
Version?
Notes
ICMP echo request/reply

Was critical for correct
operation
ICMP echo request/reply
NOT critical for correct
operation
ICMP redirect
community
string
IP phone only, not NOE.
If dynamic
configuration
Signaling link control
control
BP/udp
BP/udp
When not in encrypted

mode
The phone needs to be

statically configured for the
survivability mode to be
effective.
When in survivability
mode
When in encrypted
mode
When in encrypted
mode
OXE >=
R6.2
OXE >=
R6.2
30/38
Purpose
Client
Initiator
Source port
Server
Responder
Sheet:UA terminals
Plane
Protocol
Service port
user
RTP/RTCP
or
SRTP/SRTCP
GD, GA
INT_ IP A+B
Dyn_Voice/udp
IPP, NOE,
MIPT,
Softphone
BP+2,3/udp
user
RTP/RTCP
or
SRTP/SRTCP
IPP, NOE,
MIPT
BP+2,3/udp
GD, GA
INT_ IP A+B
Dyn_Voice/udp
user
RTP/RTCP
Softphone
Dyn_Win/udp
GD, GA
INT_ IP A+B
Dyn_Voice/udp
user
RTP/RTCP
or
SRTP/SRTCP
IPP, NOE,
MIPT
BP+2,3/udp
IPP, NOE,
MIPT,
Softphone
BP+2,3/udp
user
RTP/RTCP
or
SRTP/SRTCP
IPP, NOE,
MIPT
BP+2,3/udp
IPP, NOE,
MIPT
BP+2,3/udp
user
RTP/RTCP
Softphone
Dyn_Win/udp
IPP, NOE,
MIPT
BP+2,3/udp
user
HTTP
NOE
Dyn_NOE
PRS
API servers
80/tcp
Condition of
Activation
Admission
control?
Version?
Notes
Media: voice, fax...

Voice channel
Voice quality control
Whether encrypted of not,

the source and destination
addresses are not
changed.
enabled
Voice packets emitted by
the softphone are sent
from a dynamic UDP port.
Whether encrypted of not,
the source and destination
addresses are not
changed.
enabled
Voice packets emitted by
the softphone are sent
from a dynamic UDP port.
with gateways
Voice channel
Voice quality control
between UA phones
Applications
NOE applications
NOE >= v3 The HTTP server is anyone
amongst the API servers.

Actual request port may be
any from 80, 8080, 8081,
8083, etc...
(See tab 'Auxiliaries' for

more information on PRS)
Maintenance and Support

Maintenance access
support
TELNET
PC support
Dyn_?/tcp
IPP
23/tcp
always on
support
TELNET
PC support
Dyn_?/tcp
NOE
23/tcp
SET_PARAM UA
message with telnetd
timeout
Incoming
connection
request
allowed only
from Call
Server
none
31/38
Sheet:OTUC
OmniTouch Unified Communications

Purpose
Plane
Protocol
control
control
control
control
user
ATAPI
LDAP
TFTP
STAP
RTP/RTCP
Client
Initiator
Source port
Server
Responder
Service Port
OTS
LDAP server
TFTP server
Client
Softphone
3595/tcp (*)
389/tcp
69/udp
BP/udp
BP+2,3/udp
OTUC
Authentication Confidentiality Integrity
version?
Notes
myPhone
Voice
Client
Dyn_Win/tcp
Client
Dyn_Win/tcp
Client
Dyn_Win/udp
CS
2556/udp
GD, GA, 46x5 Dyn_Voice/udp
INT_IP A+B Dyn_Voice/udp
Dyn_MS/udp
Media Server
BP+2,3/udp
IPP, NOE
YES
NO
NO
?
NO
NO
NO
NO
NO
NO
user
RTP/RTCP
Softphone
Dyn_Win/udp
GD, GA, 46x5

INT_IP A+B
Media Server
IPP, NOE
Dyn_Voice/udp
Dyn_Voice/udp
Dyn_MS/udp
BP+2,3/udp
NO
control
control
CSTA
CMISD
Service Infra
Service Infra
Dyn_?/tcp
Dyn_?/tcp
CS
CS
2555/tcp
2535/tcp
YES
YES
control
HTTP
Client
Dyn_Win/tcp
Service Infra
8080/tcp
YES
YES (HTTPS)
control
control
control
control
control
SOAP/HTTP
IMAP4
FlexLM
MAPI
IMAP4
Client
Client
Client
Client
Client
Dyn_Win/tcp
Dyn_Win/tcp
Dyn_Win
Dyn_Win/tcp
Dyn_Win/tcp
8083/tcp
143/tcp (993/tcp)
27000
?/tcp
143/tcp (993/tcp)
?
YES
?
YES if IMAP4s
YES
YES
YES if IMAP4s
control
control
control
control
HTTP
SOAP/HTTP
NAPI
IMAP4
Client
Client
Client
Client
Dyn_Win/tcp
Dyn_Win/tcp
Dyn_Win/tcp
Dyn_Win/tcp
control
control
HTTP
SOAP/HTTP
Client
Client
Dyn_Win/tcp
Dyn_Win/tcp
Service Infra
46x5
Service Infra
Exchange
46x5
IMAP4 Server
Service Infra
Service Infra
Domino
46x5
IMAP4 Server
Service Infra
Service Infra
Email server
Store Voice Message
IMAP4 server access
control
control
SMTP
IMAP4
Service Infra
Service Infra
Dyn_?/tcp
Dyn_?/tcp
Email server
Email server
25/tcp
143/tcp
Mail box access

PIM mngt
Filter mngt
Notif request
control
control
control
control
HTTP
HTTP
HTTP
HTTP
Service Infra
Service Infra
Service Infra
Email server
Dyn_?/tcp
Dyn_?/tcp
Dyn_?/tcp
Dyn_?/tcp
Email server
Email server
Email server
Service Infra
8000/tcp
8001/tcp
8002/tcp
8082/tcp
Service Infrastructure
CS interfacing
Mngt Interfacing
NO
Not for Websoftphone

Voice packets emitted by the
softphone are sent from a
dynamic UDP port.
OTS server
OTS server
myMessaging
Web client
Outlook Client
Lotus Client
8080/tcp
8083/tcp
?/tcp
143/tcp (993/tcp)
8080/tcp
8083/tcp
>=R3.x
>=R3.x
>=R3.x
YES
?
YES
YES
YES (HTTPS)
?
YES if IMAP4s
YES
?
YES (HTTPS)
?
Only if LARGE or
Websoftphone
Only if integrated voice mail
Only if integrated voice mail or
external IMAP server
Only if LARGE
Only if external IMAP server

Only if LARGE
Not if Exchange or Domino is

used as eMail server
32/38
Purpose
Voice mail server

Voice Mail access
Voice Mail Control
Media Server (MS)
Voice Signaling
Voice Flow
Voice Application
Source port
Server
Responder
Service Port
Sheet:OTUC
Plane
Protocol
Client
Initiator
control
control
IMAP4
VMMC2/HTTP
Service Infra
Service Infra
Dyn_?/tcp
Dyn_?/tcp
46x5
46x5
143/tcp (993/tcp)
80/tcp
YES
YES
YES if IMAP4s
NO
control
SIP
CS
5060 (*)/udp
MS
5060 (*)/udp
YES but Not used
NO
user
RTP/RTCP
MS
Dyn_MS/udp
NO
NO
GD, GA, 46x5 Dyn_Voice/udp

INT_IP A+B Dyn_Voice/udp
BP+2,3/udp
IPP, NOE,
Softphone
user
RTP/RTCP
MS
Dyn_MS/udp
control
control
HTTP/VXML
HTTP/PPR
MS
Service Infra
Dyn_?/tcp
Dyn_?/tcp
OTUC
Authentication Confidentiality Integrity
version?
Notes


GD, GA, 46x5
INT_IP A+B
IPP, NOE,
Softphone
Service Infra
MS
Dyn_Voice/udp
Dyn_Voice/udp
BP+2,3/udp
NO
NO
8080/tcp
8015/tcp
NO
NO
NO
NO
1099/tcp
27000
YES
389
YES
YES
YES
YES (HTTPS)
myAssistant
no specific flow
Common Service Infrastructure
Notes
OTUC application
Licences access
control
control
Java RMI
FlexLM
another CS
Service Infra
Dyn_CS/tcp
Dyn_?
Directories
control
LDAP
Service Infra
Dyn_?
Service Infra
Licences
Server
Directory
SQL Database
control
Service Infra
Dyn_?
Database
API openness
control
Third party
Dyn_?/tcp
Service Infra
8080/tcp
(*)
SOAP/HTTP
configurable through command line upon server startup
LDAP directory internal to

OTUC (not the company's
directory)
Internal to OTUC (only if
LARGE)
Home page access. Only in
LARGE.
33/38
Sheet:OTCC
OmniTouch Contact Center

Plane
Protocol
Client
Initiator
FTP
PC admin
Dyn_?
Afe
21/tcp
Mngt interfacing <==>

CCD Supervision <==>
TSS tool for Afe <==>
manage
ment
control
control
support
CMIS
?
Text
Dyn_CS
Dyn_Win
Dyn_?
Cmisd
Afe
Afe
2535/tcp
2538/tcp
2538/tcp
OXE
OXE
OXE
YES
YES
NO
Debug only
CCS emulator <==>
support
TELNET
Dyn_?
Afe
2538/tcp
OXE
NO
Debug only
CCS Server <==>

TSS tool for CCS Server
<==>
control
support
?
Text
Dyn_Win
Dyn_?
Afe
CCS Server
2538/tcp
2543/tcp
OXE
OXE or
Windows
NO
NO
Debug only
CCD Supervision <==>
control
Afe
CCS
PC support
(adm_acd)
PC support
(terminal)
CCS Server
PC support
(adm_acd servccs)
CCS
Dyn_Win
CCS Server
2543/tcp
YES
pilot_test
support
UA
Purpose
Source
port
Server
Responder
Service
Port
Port
Location
Condition of Authentication
activation
Notes
CCD
Stats transfer <==>
YES
rtest
2554/tcp
PABX interfacing <==>

CSTA Tools <==>
PC support
(pilot_test)
control
CSTA / C
Afe
support CSTA / ASN1 Pilot/Pilot2a
OXE or
Windows
OXE
?
?
CSTA server
CSTA Server
2555/tcp
2555/tcp
CSTA web access

CSTA Telnet
lis
support
control
support
support
CSTA / C
HTML
TELNET
LIS
Pilot2
Browser
telnet
lis
?
?
?
?
CSTA Server
CSTA Server
CSTA Server
rlis
manage
ment
LIS
lisEA
rlisEA
lisEA
Manual
configuration
NO
Test only
OXE
OXE
NO
NO
Test only
2555/tcp
2555/tcp
2555/tcp
2560/tcp
OXE
OXE
OXE
OXE
NO
NO
NO
YES
2561/tcp
OXE
Manual
configuration
EAU
configuration
YES
Test only
Debug only
Test SOSM
34/38
Purpose
Protocol
Client
Initiator
control
Alb
Plane
Source
port
Server
Responder
Sheet:OTCC
Service
Port
Port
Location
activation
Afe
2538/tcp
OXE
NO
Notes
Agent Call Routing (ACR)

internal agent selector
<==>
external agent selector
<==>
TSS tool for asm/alb <==>
control
Asm
Afe
2538/tcp
OXE
NO
support
Text
Alb/Asm
2546/tcp
control
ASM Manager
2546/tcp
Scripting <==>
control
Alb/Asm
ASM SE
2546/tcp
Script debugger <==>
control
debugger
Alb/Asm
2546/tcp
OXE or
Windows
OXE or
Windows
OXE or
Windows
OXE or
Windows
NO
ASM Manager <==>
adm_acd salb
Alb/Asm
SQL Interface <==>
control
ODBC
Customer
Database
Asm
?/tcp
Scripting
support
Debug only
NO
YES
YES
YES
1969/tcp
Windows
OXE
Not used
WFP
Statistics importing <==>
Statistics exporting =>
Wfp
Afe
2538/tcp
NO
FTP
customer
host
WFP
?/tcp
?
?
Afe
CCA Server
2538/tcp
2544/tcp
OXE
Windows
NO
NO
?
?
?
?
Manager
CCA Server
OTS
CSTA Server
2544/tcp
2544/tcp
3595/tcp
2555/tcp
Windows
Windows
Windows
OXE
YES
YES
YES
YES
YES
Contact Center Agent (CCA)

CCA Server <==>
TSS tool for CCA Server
<==>
Manager <==>
Agent desktop <==>
Agent desktop <==>
voice signaling <==>
control
support
control
control
control
control
?
Text
CCA Server
adm_acd spcag
?
CCA Server
?
CCA
ATAPI
CCA
CSTA / ASN1
OTS
Debug only
35/38
Purpose
Plane
Protocol
Client
Initiator
Source
port
Server
Responder
Sheet:OTCC
Service
Port
Port
Location
activation
Notes
Contact Center Outbound (CCO)

CTI application <==>
control CSTA / ASN1 CSTA Server
?
?
?
?
WEB Server
FTP Server
Synchro
Server
Config Server
Genesys
T-Server
CCA
CCOSE
Afe
agent scripting <==>

CCO Script Editor <==>
Data synchronization =>
control
control
control
HTTP
FTP
?
CCO Script Editor <=
control
CCO Script Editor
support
2555/tcp
OXE
NO
80/tcp
2121/tcp
2538/tcp
Windows
Windows
OXE
NO
YES
NO
CCOSE
2020/tcp
Windows
YES
CCOSE
1970/tcp
Windows
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
CSTA server
ADM
ADM
ADM
ADM
ADM
ADM
ADM
ADM
ADM
ADM
ADM
ADM
ADM
ADM
ADM
ADM
ADM
ADM
ADM
900/tcp
10000/tcp
11000/tcp
901/tcp
902/tcp
903/tcp
904/tcp
906/tcp
907/tcp
908/tcp
909/tcp
910/tcp
911/tcp
913/tcp
914/tcp
950/tcp
951/tcp
952/tcp
953/tcp
954/tcp
Windows
Windows
Windows
Windows
Windows
Windows
Windows
Windows
Windows
Windows
Windows
Windows
Windows
Windows
Windows
Windows
Windows
Windows
Windows
Windows
Not used
Contact Center Interactive Voice Response (CCIVR)

ADM <==>
EST <==>
APPLICATION <==>
ADS
ALARM
DBS
RPM
SMS
STS
VPRM
AMBX
EAS
SAS
SASDISP
ACRS
extra1
extra2
extra3
extra4
extra5
control
control
control
control
control
control
control
control
control
control
control
control
control
control
control
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
?
ADM
EST
appli
ADS
ALARM
DBS
RPM
SMS
STS
VPRM
AMBX
EAS
SAS
SASDISP
ACRS
extra1
extra2
extra3
extra4
extra5
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
YES
36/38
Purpose
Plane
Protocol
myserver
performTest
SIM_dataServer
support
support
support
?
?
?
SIM_DBS
SIM_VPRM
TBBS
TSA
support
support
?
?
?
Client
Initiator
Source
port
Server
Responder
Sheet:OTCC
Service
Port
Port
Location
activation
Notes
?
?
?
ADM
ADM
ADM
850/tcp
851/tcp
852/tcp
Windows
Windows
Windows
YES
YES
YES
Test only
Test only
Test only
?
?
?
?
?
myserver
performTest
SIM_dataSer
ver
SIM_DBS
SIM_VPRM
TBBS
TSA
TSA
?
?
?
?
?
ADM
ADM
Windows
Windows
Windows
Windows
Windows
YES
YES
YES
YES
YES
Test only
Test only
ADM
ADM
853/tcp
854/tcp
855/tcp
111/tcp
708/tcp
? control
T-server
?/tcp
CS
0/tcp
N/A
Value is configurable with a default

of 0. Change takes effect after Tserver has reconnected to the link.
? control
T-server
?/tcp
client
0/tcp
N/A
Value is configurable with a default

of 0. Change takes effect after Tserver is restarted.
Genesys
37/38
Sheet:VoWLAN
Voice over Wireless LAN: Airespace or Aruba infrastructure

Purpose
Plane
Protocol
Client
Initiator
Source port
Server
Responder
Service Port
Condition VoWLAN
of
version?
activation
Notes
Mobile IP Telephony handset (MIPT)

control
DHCP
MIPT
68/udp
SVP
67/udp
Download configuration
files, binary, menu files
Spectralink voice protocol
control
TFTP
MIPT
Dyn_WLAN/udp
TFTP server
69/udp
control
SRP (119)
MIPT
N/A
SVP
N/A
H.323 incoming call
control
H.323/H.225
GD
Dyn_H225_CLT/tcp
MIPT (NATed)
1720/tcp
H.323 outgoing call
control
H.323/H.225 MIPT (NATed)
Dyn_WLAN/tcp
GD
1720/tcp
H.245 to GD
control
H.323/H.245 MIPT (NATed)
Dyn_WLAN/tcp
GD
Dyn_H245_SRV/tcp
H.245 to MIPT
control
H.323/H.245
GD
Dyn_H245_CLT/tcp
MIPT (NATed)
41788/tcp
user
RTP/RTCP
19282/udp
RTCP may be blocked bu firewall since

all RTCP traffic to MIPT is ignored and
MIPT doesn't emit any RTCP packet.
RTP/RTCP
Dyn_Voice/udp
Dyn_Voice/udp
Dyn_MS/udp
BP+2/udp
Dyn_?/udp
19282/udp
MIPT (NATed)
user
GD, GA, 46x5

INT_IP A+B
Media Server
IPP, NOE
Softphone
MIPT (NATed)
GD, GA, 46x5

INT_IP A+B
Media Server
IPP, NOE
Softphone
Dyn_Voice/udp
Dyn_Voice/udp
Dyn_MS/udp
BP+2/udp
Dyn_?/udp
Direction of first packet cannot be

predetermined: both directions shall be
enabled
Voice channel, Voice

quality control
This is an IP protocol at same level as

UDP or TCP (no notion or source or
destination port)
Traffic to MIPT translated is actually
intercepted by SVP which performs a
pseudo NAT function, redirecting the
traffic through SRP protocol
38/38
Sheet:VoWLAN
Plane
Protocol
Client
Initiator
Source port
Server
Responder
Service Port
control
DHCP
SVP
68/udp
DHCP server
67/udp
H.225 RAS to H.323

Gatekeeper
Maintenance download of
configuration files, binary
control
H.323/H.225
GD
1719/udp
SVP
1719/udp
support
TFTP
SVP
Dyn_WLAN/udp
TFTP server
69/udp
manage
ment
TELNET
PC support
Dyn_?/tcp
SVP
21/tcp
Maintenance download of
configuration files, binary
support
TFTP
OAW
Dyn_WLAN/udp
TFTP server
69/udp
Management console
access
manage
ment
manage
ment
manage
ment
manage
ment
manage
ment
manage
ment
manage
ment
TELNET
PC support
Dyn_?/tcp
OAW
21/tcp
SSH
PC support
Dyn_?/tcp
OAW
22/tcp
HTTP
PC admin
Dyn_?/tcp
OAW
80/tcp
HTTPS
PC admin
Dyn_?/tcp
OAW
443/tcp
SYSLOG
OAW
Dyn_WLAN/udp
syslog server
514/udp
SNMP
Supervision
console
OAW
Dyn_?/udp
OAW
161/udp
Dyn_WLAN/udp
Supervision
console
162/udp
Purpose
Condition VoWLAN
of
version?
activation
Notes
SVP management
Management console
access
OAW management
Web-based management
Journaling output
SNMP requests
SNMP traps
SNMP
SVP acts as a DHCP proxy relaying

the DHCP request in unicast to the
actual DHCP server.
DHCP can be made mandatory for
every terminal
registration or RAS admission
message

OXE Ip Ports

Diunggah oleh

Informasi Dokumen

Deskripsi Asli:

Hak Cipta

Format Tersedia

Bagikan dokumen Ini

Bagikan atau Tanam Dokumen

Opsi Berbagi

Apakah menurut Anda dokumen ini bermanfaat?

Apakah konten ini tidak pantas?

Hak Cipta:

Format Tersedia

OXE Ip Ports

Diunggah oleh

Hak Cipta:

Format Tersedia

1/38

Synthesis of IP flows in OmniPCX Enterprise solution

Function usually assumed by

BP = 32000 for OXE <= R5.0Lx

The Call Server

Mobile IP Telephony handset

GD, GA, INT_IP A or B.

The Call Server

An authentication server provided by

Remote GD over an HSL link (not over IP)

Synthesis of IP flows in OmniPCX Enterprise solution

Customer's router from which IP routing information (through RIP protocol) is

Uninterruptible Poser Supply

Synthesis of IP flows in OmniPCX Enterprise solution

The Call Server

IP phone, IP touch, Softphone

Parent process (on CS)

Function fulfilled by this flow.

Synthesis of IP flows in OmniPCX Enterprise solution

File transfert for what purpose.

Licence XX purchased, presence of server YY

Tells whether confidentiality of the information

Synthesis of IP flows in OmniPCX Enterprise solution

Synthesis of IP flows in OmniPCX Enterprise solution

H.323 Gateway discovery

Receive incidents from IPT Security box (SSM)

Synthesis of IP flows in OmniPCX Enterprise solution

H.323 Internal Gatekeeper

Cmis server for Call Server configuration

RSL socket port

UPS monitoring for OXE versions since R6.2 (inclusive)

Virtual domain IMAP

Synthesis of IP flows in OmniPCX Enterprise solution

Session Initiation Protocol proxy servier

Synthesis of IP flows in OmniPCX Enterprise solution

Synthesis of IP flows in OmniPCX Enterprise solution

Dynamic Port Ranges

Network element Operating System

Range lower Range upper

4760 server and

Client side of Dyn_INT_IP

Synthesis of IP flows in OmniPCX Enterprise solution

Range depends on TFTP answering server: Chorus (1st range

Used by INT_IP boards to download their binaries using TFTP.

Used by the Security Modules used to encrypt/decrypt the

Configurable through creation in the registry of the key

Network element Operating System

OXE <= R5.0Lx

Range lower Range upper

H323 Media Channel establishment

This range consists of 40 groups of sets of 2 consecutive ports.

Synthesis of IP flows in OmniPCX Enterprise solution

OXE CS, 4760, eConfig, ACAPI 2.x

Router redirection command

Software downloading (rload)

Remote command execution

Remote command execution

Firmware and configuration download

Time Synchronisation with ACDv2

Routing Information Protocol

RADIUS (Remote Authentication Dial- managem

Synthesis of IP flows in OmniPCX Enterprise solution

Active FTP mode